Patch "fscrypt: only set dentry_operations on ciphertext dentries" has been added to the 4.19-stable tree

gregkh at linuxfoundation.org gregkh at linuxfoundation.org
Sun Nov 1 05:39:03 EST 2020 

This is a note to let you know that I've just added the patch titled

    fscrypt: only set dentry_operations on ciphertext dentries

to the 4.19-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     fscrypt-only-set-dentry_operations-on-ciphertext-dentries.patch
and it can be found in the queue-4.19 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable at vger.kernel.org> know about it.


>From foo at baz Sun Nov  1 11:35:18 AM CET 2020
From: Eric Biggers <ebiggers at kernel.org>
Date: Sat, 31 Oct 2020 15:05:52 -0700
Subject: fscrypt: only set dentry_operations on ciphertext dentries
To: stable at vger.kernel.org
Cc: linux-fscrypt at vger.kernel.org, linux-ext4 at vger.kernel.org, linux-f2fs-devel at lists.sourceforge.net, linux-mtd at lists.infradead.org, Theodore Ts'o <tytso at mit.edu>
Message-ID: <20201031220553.1085782-5-ebiggers at kernel.org>

From: Eric Biggers <ebiggers at google.com>

commit d456a33f041af4b54f3ce495a86d00c246165032 upstream.

Plaintext dentries are always valid, so only set fscrypt_d_ops on
ciphertext dentries.

Besides marginally improved performance, this allows overlayfs to use an
fscrypt-encrypted upperdir, provided that all the following are true:

    (1) The fscrypt encryption key is placed in the keyring before
	mounting overlayfs, and remains while the overlayfs is mounted.

    (2) The overlayfs workdir uses the same encryption policy.

    (3) No dentries for the ciphertext names of subdirectories have been
	created in the upperdir or workdir yet.  (Since otherwise
	d_splice_alias() will reuse the old dentry with ->d_op set.)

One potential use case is using an ephemeral encryption key to encrypt
all files created or changed by a container, so that they can be
securely erased ("crypto-shredded") after the container stops.

Signed-off-by: Eric Biggers <ebiggers at google.com>
Signed-off-by: Theodore Ts'o <tytso at mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
---
 fs/crypto/hooks.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/fs/crypto/hooks.c
+++ b/fs/crypto/hooks.c
@@ -115,9 +115,8 @@ int __fscrypt_prepare_lookup(struct inod
 		spin_lock(&dentry->d_lock);
 		dentry->d_flags |= DCACHE_ENCRYPTED_NAME;
 		spin_unlock(&dentry->d_lock);
+		d_set_d_op(dentry, &fscrypt_d_ops);
 	}
-
-	d_set_d_op(dentry, &fscrypt_d_ops);
 	return 0;
 }
 EXPORT_SYMBOL_GPL(__fscrypt_prepare_lookup);


Patches currently in stable-queue which might be from ebiggers at kernel.org are

queue-4.19/fscrypt-only-set-dentry_operations-on-ciphertext-dentries.patch
queue-4.19/fscrypt-clean-up-and-improve-dentry-revalidation.patch
queue-4.19/fscrypt-fix-race-allowing-rename-and-link-of-ciphertext-dentries.patch
queue-4.19/fs-fscrypt-clear-dcache_encrypted_name-when-unaliasing-directory.patch
queue-4.19/fscrypt-fix-race-where-lookup-marks-plaintext-dentry-as-ciphertext.patch

More information about the linux-mtd mailing list